Get your people interested in cyber security and you become more resilient. Here’s how to go about it, starting with the potential end of the world.
Uranium centrifuges facilitate either nuclear power or nuclear weapons.
They’re powerful, valuable and extremely dangerous when in the wrong hands.
Stuxnet, meanwhile, is a software that causes irreparable damage to Siemens motors – which are often connected to Uranium centrifuges.
In 2010, Stuxnet began attacking Siemens motors.
Now – why is it people are largely disinterested in cyber security training?
Cyber security still unexciting
It’s a strange state of affairs.
As is evident from the above Stuxnet tale, today’s cyber security stories often rival those of a James Bond thriller.
Few people really see it that way, though, so clearly our industry is failing to make the topic of cyber security as engaging as it should be.
That perhaps explains why people are still the number one cause of breaches all around the world – and it begs the question that’s the focus of this article:
How can you ensure your people take more of an interest in cyber security?
Using psychology to boost engagement in cyber security
It’s a question we ask constantly as we develop CybSafe. More specifically, we’re interested in how we can use learnings from psychology to make cyber security training both more appealing and more memorable.
The following list offers ten potential solutions, all of which are built into the CybSafe platform.
1. Use story
Stanford University research suggests stories are up to 22 times more memorable than facts alone. The scholar Jonathan Gottschall goes even further, claiming stories help us make sense of the world around us and thus historically helped ensure our survival.
Including stories in cyber security training – such as the above Stuxnet story, lifted from a CybSafe module directly – is undoubtedly a sure-fire way to keep people hooked.
2. Keep things updated
Once upon a time, paying attention to the novel helped us escape threats – which is why we’re now hardwired to pay attention to anything new. It’s a phenomenon that sees babies of less than a day old instinctively staring, fascinated, at almost anything they see.
It’s also a phenomenon that ensures dated cyber security training quickly becomes dull.
Aside from educating people on new threats, constantly updating cyber security training ensures known dangers never become mundane.
3. Use multimedia
Research suggests videos are processed up to 60,000 times faster than text. Video eases cognitive strain and ensures messages sink in, yet not all cyber security training takes advantage of multimedia.
Supplementing text, images and audio with video both keeps things novel (see above) and makes cyber security training easier to take in.
4. Avoid complex
Somewhat tragically, we humans seem coded to avoid cognitive mental strain. It’s why we frequently prefer video to text and why pension enrolment rates in “opt-out” countries vastly outstrip enrolment rates in “opt-in” countries. We’re coded to avoid exertion.
The complex topic of cyber security might seem like it requires complex training, but simple, intuitive training will almost certainly be more effective than anything requiring increased effort.
5. Customise modules
As discussed elsewhere on the CybSafe blog, humans are reliant on what psychologists call schema to guide our behaviour in any given situation. As an example, it’s schema that sees people wear black to funerals but not weddings.
Schema are why people tend to pay attention to cyber security during cyber security training classes but drop their guard the moment training ends. By customising modules to embed elements of the day job into training itself, it’s possible to modify the existing workplace schema your people have. In doing so, cyber security becomes less alien, more engaging and more memorable all at once.
6. Simulate attacks
Simulating cyber attacks is perhaps the most direct way to increase engagement in cyber security training. They’re unignorable. They demand a reaction.
Not enough cyber security training providers make appropriate use of simulated attacks.
7. Share performance reports
Cyber security training is often seen as something that must be completed in addition to the day job – when it should really be viewed as part of the day job itself – and not just relevant for the job but for personal and domestic wellbeing, too.
By sharing individual cyber security performance reports (in the same way a manager might feedback on existing key performance indicators), cyber security becomes part of the day job and a way in which a business can encourage its people to really look after themselves.
Your people will only ever take cyber security as seriously as your culture allows.
8. Educate people on threats
In 2013, illegal access to a woman’s webcam could be bought for 64p online.
Whilst at CybSafe we don’t condone scaremongering, we strongly believe more should be done to educate people on threats. And just as with both stories and things that are novel, humans are evolutionarily wired to pay attention to threats.
Including training modules on threats – both personal and corporate – isn’t just socially responsible. It dramatically heightens cyber security engagement.
9. Use blended learning
Blended learning styles use multiple learning techniques to ensure individuals can tailor their learning to their specific needs.
As you might remember from your full-time education, different people learn in different ways. Forcing someone to learn in a manner that doesn’t come naturally builds resistance to any kind of training, cyber security or otherwise.
Blended learning can therefore keep people engaged.
10. Train everyone
Another fundamental trait of the human psyche is our desire to belong to a group of some shape or form – which explains phenomena such as peer pressure, Groupthink and football hooliganism.
In the context of cyber security, properly training your entire organisation on cyber security can create a group that takes cyber security seriously. It also positions cyber security as a topic of importance and is a prerequisite to creating a culture focused on cyber security.
Changing human behaviour
As you may already know, CybSafe focuses on changing human behaviour to increase cyber resilience.
As you may also know, CybSafe uses learnings from psychology and behavioural sciences to do so in a positive way – and hence leverages and facilitates all of the above.
Whilst it’s true that humans remain responsible for more breaches than any other factor, it’s not all doom and gloom. It is, however, essential we focus on making cyber security training more interesting and engaging.
Interested in finding out how CybSafe can help your organisation, we’d love to show you. Click here to arrange a free demo.